pool: free list modified: mbufpl (3)

syzbot

Oct 20, 2023, 10:10:14 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 77568e37aedd Add interop test with Dropbear. Right now th..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14582499680000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=35d783cdde9512183454

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cd6466434b73/disk-77568e37.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/119ad567bc43/bsd-77568e37.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3f6b03d860d5/kernel-77568e37.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+35d783...@syzkaller.appspotmail.com

login: panic: pool_do_get: mbufpl free list modified: page 0xfffffd807a8c4000; item addr 0xfffffd807a8c4600; offset 0x0=0x0 != 0xd7beed5cf24e1e7a
Starting stack trace...
panic(ffffffff8282f0b0) at panic+0x159 sys/kern/subr_prf.c:229
pool_do_get(ffffffff82c81970,2,ffff80002167b658) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff82c81970,2) at pool_get+0xb7 sys/kern/subr_pool.c:582
m_copym(fffffd806838c900,16d4,5a8,2) at m_copym+0x1b2 m_get sys/kern/uipc_mbuf.c:244 [inline]
m_copym(fffffd806838c900,16d4,5a8,2) at m_copym+0x1b2 sys/kern/uipc_mbuf.c:661
tcp_chopper(fffffd806838c900,ffff80002167b828,ffff80000019e2a8,5a8) at tcp_chopper+0x3c7 sys/netinet/tcp_output.c:1291
tcp_if_output_tso(ffff80000019e2a8,ffff80002167b9e8,ffff8000006c6d60,fffffd806f2792a0,1000,5dc) at tcp_if_output_tso+0x107 sys/netinet/tcp_output.c:1383
if_output_tso(ffff80000019e2a8,ffff80002167b9e8,ffff8000006c6d60,fffffd806f2792a0,5dc) at if_output_tso+0x8f sys/net/if.c:917
ip_output(fffffd806838c900,0,fffffd806f3631c8,800,0,fffffd806f363150,87305c8f162e8349) at ip_output+0xe9f sys/netinet/ip_output.c:456
tcp_output(ffff800000cea328) at tcp_output+0x2727 sys/netinet/tcp_output.c:1089
tcp_send(fffffd806e5c63a0,fffffd806838c800,0,0) at tcp_send+0xf5 sys/netinet/tcp_usrreq.c:849
sosend(fffffd806e5c63a0,0,ffff80002167be18,0,0,80) at sosend+0x66d
dofilewritev(ffff800021634a98,4,ffff80002167be18,0,ffff80002167bf00) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
sys_write(ffff800021634a98,ffff80002167beb0,ffff80002167bf00) at sys_write+0x87 sys/kern/sys_generic.c:295
syscall(ffff80002167bf80) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f0e0f8689a0, count: 242
End of stack trace.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jan 18, 2024, 9:10:17 AM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.